Well if this may help...we have had this same experience twice in the space of 4 days...this is the most recent online live help chat with our host's on this matter:
RoseHosting2:
Hello. How may I help you?
archie:
our server seem to be down again
archie:
www.chitchatafrica.com
RoseHosting2:
Yes, we had to stop your server. We found some illegal activities going on on your server again.
archie:
illegal activity?
RoseHosting2:
There are some phishing sites located inside the following directories:
RoseHosting2:
/home/admin/public_html/orca/log/Abbey.Co.Uk/Abbey.Co.Uk/
RoseHosting2:
/home/admin/public_html/groups/orca/js/BankofAmerica.Com/
archie:
damn!!!!
archie:
how could that be?
RoseHosting2:
I
am not sure, but I think that is something connected with the orca
application. It seems that this application is very insecure.
archie:
thanks for the info
archie:
any other directory please?
RoseHosting2:
All the forgery applications were uploaded via the following PHP script: /home/admin/public_html/groups/orca/index2.php .
archie:
good to know
RoseHosting2:
Also, this script was used for FTP brute force attacks to other networks.
archie:
gosh!!!!
archie:
thats terrible
RoseHosting2:
It seems that you will have to build website from scratch once again.
archie:
could you kindly do us a favor and delete those files for us?
RoseHosting2:
No, it seems that your root user password has been hacked again. So, we will have to reinstall your virtual server once again.
archie:
gosh
archie:
how did they find our new passwords?
archie:
we have a very very strong password in place
archie:
it is ridiculously strong
RoseHosting2:
I am sorry, but I do not know that. Maybe you are using dictionary based passwords.
archie:
even using symbols
RoseHosting2:
As
I said before, it seems that the orca application is very insecure and
the hackers were using this application to install their forgery
applications.
archie:
ok
archie:
dont know the best way round it...
RoseHosting2:
All
the current files of your website are somehow compromised, so if we
reinstall your server once again you will have to upload all your
websites' data to your server again.
archie:
mmmm...i guess if there is no other way round it
RoseHosting2:
I am sorry, but this is the only way now.
Hope this will be of some help in resolving this very compromising and urgent matter.
Also of note is that we not using orca as yet...just had it along with the dolphin package
Soonest time Boonex takes a look at this the less likely the word will go around the webmasters and developers community online to the effect that people might be put off recommending the dolphin package.
Not sure about Faceflirt, but myself i am putting on hold all the praises I have been singing about my dolpin pack :(